Password complexity can be defined and enforced, e.g. a password should have 3 alphabetic characters, 2 numeric characters, and 1 special character. A minimum password length can be specified. A password age can be defined, after which the password expires and users are forced to reset it. Password history can also be defined to dissuade users from reusing recent passwords.
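The four controls described above, sketched as an added example that is not code from the original page or from any product it describes. The 3/2/1 character counts come from the text; the minimum length, maximum age, history depth, and all function and class names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import timedelta

@dataclass(frozen=True)
class PasswordPolicy:
    # 3/2/1 counts come from the text; the other values are assumed for illustration.
    min_letters: int = 3
    min_digits: int = 2
    min_special: int = 1
    min_length: int = 10
    max_age: timedelta = timedelta(days=90)
    history_depth: int = 5

def _digest(password, salt):
    # History stores salted PBKDF2 digests, never plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def make_history_entry(password):
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def complexity_errors(policy, password):
    """Return the names of the failed rules (empty list means compliant)."""
    counts = {
        "length": (len(password), policy.min_length),
        "letters": (sum(c.isalpha() for c in password), policy.min_letters),
        "digits": (sum(c.isdigit() for c in password), policy.min_digits),
        "special": (sum(c in string.punctuation for c in password), policy.min_special),
    }
    return [rule for rule, (have, need) in counts.items() if have < need]

def is_expired(policy, last_changed, now):
    # True once the password is older than the configured maximum age.
    return now - last_changed > policy.max_age

def is_reused(policy, candidate, history):
    """history: list of (salt, digest), oldest first; only the newest N are checked."""
    recent = history[-policy.history_depth:] if policy.history_depth > 0 else []
    return any(hmac.compare_digest(_digest(candidate, salt), digest)
               for salt, digest in recent)
```

Because each history entry has its own salt, the reuse check re-derives the candidate's digest once per stored entry, so the cost grows with the history depth.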